Sigfox leads with its chin on security for internet-connected things

'Imagineer's declaration' betrays industry-wide apathy

Comment French Internet of Things bods Sigfox have published a “Universal Declaration of IoT Rights”, which, as well as being a bit awful, sheds light on a wider boredom with proper security.

Hopefully published tongue-in-cheek, the declaration was written by Sigfox’s “vice president imagineering” (not a typo), opening: “We have a vision that one day, everything around us will have a 'voice' through IoT connectivity.”

It gets a little Asimov-ish after this.

Article 1 – All connected objects are created equal in dignity and rights. They are endowed with connectivity and should act towards the Internet in a spirit of brotherhood.

Article 2 – Every connected object is entitled to all the rights and freedom set forth in this declaration without distinction of any kind. Furthermore, no distinction shall be made on the basis of the technology choice of their inceptors, of the country or territory where they are deployed, or whether the deployment be peer-to-peer, LAN, WAN or LPWA.

Article 3 – Every connected object has the right to security.

Article 4 – No connected object shall be subjected to hacking or to damaging treatment or tampering.

Article 5 – No connected object shall be subjected to arbitrary attacks or denial of service.

Article 6 – No connected object shall be subjected to arbitrary interferences with its operation. Every connected object has the right to protection against such interference or attacks.

“Our vision could be perceived as utopian,” a mildly self-aware Raoul Mallart tacked onto the end of the post, adding: “It is our hope that this bold declaration will set a direction and an achievable goal for the IoT ecosystem.”

For sure, Sigfox’s “declaration of IoT rights” is not exactly a substantial manifesto, and nobody’s pretending otherwise. Yet phrases like like “Sigfox-Ready objects are protected and cannot be hacked from Internet” – lower down in the blog – are what we in the UK call “leading with your chin”: if that isn’t an open invitation for some miscreant to go and prove Sigfox wrong by hacking one of its networks, what is?

Whimsical posts like this one – and Sigfox isn't alone here – betray a wider industry attitude towards IoT security that can seemingly be summed up as follows: "Meh". ®